Total
755 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-51711 | 1 Regify | 1 Regipay | 2024-02-28 | N/A | 7.8 HIGH |
An issue was discovered in Regify Regipay Client for Windows version 4.5.1.0 allows DLL hijacking: a user can trigger the execution of arbitrary code every time the product is executed. | |||||
CVE-2023-28740 | 2 Intel, Microsoft | 4 Quickassist Technology, Quickassist Technology Firmware, Quickassist Technology Library and 1 more | 2024-02-28 | N/A | 7.8 HIGH |
Uncontrolled search path element in some Intel(R) QAT drivers for Windows - HW Version 2.0 before version 2.0.4 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
CVE-2023-33874 | 1 Intel | 7 Hid Event Filter Driver, Nuc 12 Pro Board Nuc12wsbv5, Nuc 12 Pro Board Nuc12wsbv7 and 4 more | 2024-02-28 | N/A | 7.3 HIGH |
Uncontrolled search path in some Intel(R) NUC 12 Pro Kits & Mini PCs - NUC12WS Intel(R) HID Event Filter Driver installation software before version 2.2.2.1 for Windows may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
CVE-2023-41117 | 1 Enterprisedb | 1 Postgres Advanced Server | 2024-02-28 | N/A | 9.8 CRITICAL |
An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS) before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. It contain packages, standalone packages, and functions that run SECURITY DEFINER but are inadequately secured against search_path attacks. | |||||
CVE-2023-47452 | 1 Notepad-plus-plus | 1 Notepad\+\+ | 2024-02-28 | N/A | 7.8 HIGH |
An Untrusted search path vulnerability in notepad++ 6.5 allows local users to gain escalated privileges through the msimg32.dll file in the current working directory. | |||||
CVE-2023-6338 | 1 Lenovo | 1 Universal Device Client | 2024-02-28 | N/A | 7.8 HIGH |
Uncontrolled search path vulnerabilities were reported in the Lenovo Universal Device Client (UDC) that could allow an attacker with local access to execute code with elevated privileges. | |||||
CVE-2023-29069 | 1 Autodesk | 1 Desktop Connector | 2024-02-28 | N/A | 7.8 HIGH |
A maliciously crafted DLL file can be forced to install onto a non-default location, and attacker can overwrite parts of the product with malicious DLLs. These files may then have elevated privileges leading to a Privilege Escalation vulnerability. | |||||
CVE-2023-0898 | 1 Ge | 1 Micom S1 Agile | 2024-02-28 | N/A | 7.3 HIGH |
General Electric MiCOM S1 Agile is vulnerable to an attacker achieving code execution by placing malicious DLL files in the directory of the application. | |||||
CVE-2023-41782 | 1 Zte | 2 Zxcloud Irai, Zxcloud Irai Firmware | 2024-02-28 | N/A | 4.8 MEDIUM |
There is a DLL hijacking vulnerability in ZTE ZXCLOUD iRAI, an attacker could place a fake DLL file in a specific directory and successfully exploit this vulnerability to execute malicious code. | |||||
CVE-2023-47454 | 1 Netease | 1 Cloudmusic | 2024-02-28 | N/A | 7.8 HIGH |
An Untrusted search path vulnerability in NetEase CloudMusic 2.10.4 for Windows allows local users to gain escalated privileges through the urlmon.dll file in the current working directory. | |||||
CVE-2023-47113 | 2 Bleachbit, Microsoft | 2 Bleachbit, Windows | 2024-02-28 | N/A | 7.3 HIGH |
BleachBit cleans files to free disk space and to maintain privacy. BleachBit for Windows up to version 4.4.2 is vulnerable to a DLL Hijacking vulnerability. By placing a DLL in the Folder c:\DLLs, an attacker can run arbitrary code on every execution of BleachBit for Windows. This issue has been patched in version 4.5.0. | |||||
CVE-2023-4936 | 1 Synaptics | 1 Displaylink Usb Graphics | 2024-02-28 | N/A | 7.8 HIGH |
It is possible to sideload a compromised DLL during the installation at elevated privilege. | |||||
CVE-2023-29151 | 1 Intel | 1 Platform Service Record Software Development Kit | 2024-02-28 | N/A | 7.8 HIGH |
Uncontrolled search path element in some Intel(R) PSR SDK before version 1.0.0.20 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
CVE-2023-45248 | 2 Acronis, Microsoft | 2 Agent, Windows | 2024-02-28 | N/A | 7.3 HIGH |
Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 36497, Acronis Cyber Protect 16 (Windows) before build 37391. | |||||
CVE-2023-36853 | 1 Keysight | 1 Geolocation Server | 2024-02-28 | N/A | 7.8 HIGH |
?In Keysight Geolocation Server v2.4.2 and prior, a low privileged attacker could create a local ZIP file containing a malicious script in any location. The attacker could abuse this to load a DLL with SYSTEM privileges. | |||||
CVE-2022-25864 | 1 Intel | 1 Oneapi Math Kernel Library | 2024-02-28 | N/A | 7.8 HIGH |
Uncontrolled search path in some Intel(R) oneMKL software before version 2022.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
CVE-2023-24016 | 2 Intel, Linux | 2 Quartus Prime, Linux Kernel | 2024-02-28 | N/A | 7.3 HIGH |
Uncontrolled search path element in some Intel(R) Quartus(R) Prime Pro and Standard edition software for linux may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
CVE-2023-44220 | 1 Sonicwall | 1 Netextender | 2024-02-28 | N/A | 7.3 HIGH |
SonicWall NetExtender Windows (32-bit and 64-bit) client 10.2.336 and earlier versions have a DLL Search Order Hijacking vulnerability in the start-up DLL component. Successful exploitation via a local attacker could result in command execution in the target system. | |||||
CVE-2023-41929 | 1 Samsung | 1 Memory Card \& Ufd Authentication | 2024-02-28 | N/A | 7.3 HIGH |
A DLL hijacking vulnerability in Samsung Memory Card & UFD Authentication Utility PC Software before 1.0.1 could allow a local attacker to escalate privileges. (An attacker must already have user privileges on Windows to exploit this vulnerability.) | |||||
CVE-2023-28405 | 1 Intel | 1 Openvino | 2024-02-28 | N/A | 7.8 HIGH |
Uncontrolled search path in the Intel(R) Distribution of OpenVINO(TM) Toolkit before version 2022.3.0 may allow an authenticated user to potentially enable escalation of privilege via local access. |